So for example, you could take an exploit contained in a PDF document,
and modify the header of the file so that it does not look like a
proper PDF document; the antivirus software might think that it is
mangled, or even another kind of document altogether, and therefore it
does not detect the exploit. The client software, however, passes
over the modifications and processes the file normally, thus
triggering the exploit.

This is a direct consequence of Postel’s Law: two implementations are
trying to work with a broken file format, and they interpret it
liberally in different ways.
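
The disagreement described above can be checked for directly. The
following is an added example, not code from the original article: it
runs a strict and a liberal header check side by side and flags files
on which they differ. The function names, the sample byte strings and
the 1024-byte search window of the liberal reader are assumptions.

```python
import re
from typing import Optional

# Assumption: the liberal reader accepts a header that lies entirely
# within this many leading bytes of the file.
LENIENT_WINDOW = 1024
HEADER = re.compile(rb"%PDF-\d\.\d")


def strict_is_pdf(data: bytes) -> bool:
    """Strict reading: the header must be the very first bytes."""
    return HEADER.match(data) is not None


def lenient_header_offset(data: bytes,
                          window: int = LENIENT_WINDOW) -> Optional[int]:
    """Liberal reading: the header may sit anywhere in the leading window."""
    m = HEADER.search(data[:window])
    return m.start() if m else None


def classify(data: bytes) -> dict:
    strict = strict_is_pdf(data)
    offset = lenient_header_offset(data)
    lenient = offset is not None
    return {
        "strict": strict,
        "lenient": lenient,
        "header_offset": offset,
        # The two readings disagree: one parser skips what the other opens.
        "differential": strict != lenient,
        # A scanner should use the most liberal reading any client uses.
        "scan_as_pdf": strict or lenient,
    }


# Constructed sample inputs (not real documents).
CLEAN = b"%PDF-1.4\n1 0 obj\n<< >>\nendobj\n"
SHIFTED = b"junk-prefix\n" + CLEAN          # header pushed to offset 12
OTHER = b"\x89PNG\r\n\x1a\n" + b"\x00" * 64  # no PDF header at all
FAR = b"\x00" * 2000 + CLEAN                 # header outside the window

if __name__ == "__main__":
    for name, blob in [("clean", CLEAN), ("shifted", SHIFTED),
                       ("other", OTHER), ("far", FAR)]:
        print(name, classify(blob))
```

A file reported with "differential" set is one the strict check would
wave through as not-a-PDF while the liberal reader still opens it, so
it should be scanned as a PDF and logged.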